home

installer.exe

Mow digital Ltd.

The application installer.exe by Mow digital has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from get.desk2opapps.com.
Publisher:
Mow digital Ltd.  (signed and verified)

MD5:
8e6a916e25b45b62d47226d64dc8b3ec

SHA-1:
92094bcc3b4728a7eb55e256bf14242ec892e353

SHA-256:
5c50350e2c82557128ea3933dba8fc093d84da60a39aa84b8a5021bb186e00a2

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 6:42:31 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.2.4

avast!
OutBrowse-SY [PUP]
151205-4

AVG
Adware MultiBundle.M
2015.0.4477

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Trojan.InstallCore.922
9.0.1.05190

ESET NOD32
Win32/OutBrowse.K potentially unwanted
9.12695

Fortinet FortiGate
Riskware/OutBrowse
12/9/2015

F-Prot
W32/Outbrowse.B.gen
v6.4.7.1.166

G Data
Win32.Application.OutBrowse
15.12.25

IKARUS anti.virus
AdWare.Downware
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.212.18054

Malwarebytes
PUP.Optional.Mowdig
v2015.12.09.03

McAfee
Program.Adware-OutBrowse
18.0.204.0

NANO AntiVirus
Trojan.Win32.Generic.cthmwf
1.0.10.5081

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1077

Reason Heuristics
Win32.Generic.Mowdigital.Installer.Meta
15.12.9.14

SUPERAntiSpyware
Adware.Downloader/Variant
9458

Total Defense
Win32/Tnega.EKIKMED
37.1.62.1

VIPRE Antivirus
Threat.4150696
45686

File size:
105.6 KB (108,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\installer.exe

Digital Signature
Signed by:
Mow digital Ltd.

Authority:
VeriSign, Inc.

Valid from:
12/26/2013 2:00:00 AM

Valid to:
12/27/2014 1:59:59 AM

Subject:
CN=Mow digital Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mow digital Ltd., L=tel aviv, S=tel aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15703B98A987F026B9DEFD5922EDF08B

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:JgXdZt9P6D3XJ2Cf5Ky/9XO3jR0eWSzUu/0Wr:Je34lfUQ9OzRgW/cm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6795

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://get.desk2opapps.com/.../GetMar?p=3022&d=9180&l=1694&n=0&d1=1&clickid=ZzdXVpZD02NGVmYjMxYy02OTNmLTQ1YTItODk3NC0wMWJjMzk2M2QzMDA

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.